- MFH

diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index a15120e9fefde1169aafefb857879b13187c5303..fe91f7cb5562f196c5d01e63f191980857c20a10 100644 (file)
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -1,5 +1,5 @@
-/* Generated by re2c 0.9.3 on Sun Jan 30 11:35:55 2005 */
-#line 1 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+/* Generated by re2c 0.9.4 on Tue Feb 15 09:07:53 2005 */
+#line 1 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 /*
    +----------------------------------------------------------------------+
    | PHP Version 4                                                        |
@@ -147,7 +147,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
 #define YYMARKER marker
 
 
-#line 154 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 154 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 
 
 
@@ -418,7 +418,7 @@ yy0:
                                goto yy16;
                        } else {
                                if(yych <= '}') goto yy14;
-                               if(yych <= '\277')      goto yy16;
+                               if(yych <= 0xBF)        goto yy16;
                                goto yy2;
                        }
                }
@@ -432,7 +432,7 @@ yy3:        yyaccept = 0;
        if(yych == ':') goto yy87;
        goto yy4;
 yy4:
-#line 574 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 582 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 { return 0; }
 #line 102 "<stdout>"
 yy5:   yyaccept = 0;
@@ -473,7 +473,7 @@ yy13:       yyaccept = 0;
 yy14:  ++YYCURSOR;
        goto yy15;
 yy15:
-#line 568 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 576 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        /* this is the case where we have less data than planned */
        php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
@@ -502,9 +502,9 @@ yy21:       yych = *++YYCURSOR;
 yy22:  ++YYCURSOR;
        goto yy23;
 yy23:
-#line 487 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 487 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
-       size_t len, len2, maxlen;
+       size_t len, len2, len3, maxlen;
        int elements;
        char *class_name;
        zend_class_entry *ce;
@@ -539,6 +539,14 @@ yy23:
        class_name = str_tolower_copy((char *)emalloc(len+1), class_name, len);
        class_name[len] = '\0';
        
+       len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyz");
+       if (len3 != len)
+       {
+               *p = YYCURSOR + len3 - len;
+               efree(class_name);
+               return 0;
+       }
+
        if (zend_hash_find(CG(class_table), class_name, len + 1, (void **) &ce) != SUCCESS) {
                if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) {
                        incomplete_class = 1;
@@ -583,7 +591,7 @@ yy23:
 
        return object_common2(UNSERIALIZE_PASSTHRU, elements);
 }
-#line 252 "<stdout>"
+#line 260 "<stdout>"
 yy24:  yych = *++YYCURSOR;
        if(yych <= ','){
                if(yych != '+') goto yy2;
@@ -612,7 +620,7 @@ yy28:       yych = *++YYCURSOR;
 yy29:  ++YYCURSOR;
        goto yy30;
 yy30:
-#line 479 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 479 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
 
        INIT_PZVAL(*rval);
@@ -620,7 +628,7 @@ yy30:
        return object_common2(UNSERIALIZE_PASSTHRU,
                        object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
 }
-#line 290 "<stdout>"
+#line 298 "<stdout>"
 yy31:  yych = *++YYCURSOR;
        if(yych == '+') goto yy32;
        if(yych <= '/') goto yy2;
@@ -644,7 +652,7 @@ yy35:       yych = *++YYCURSOR;
 yy36:  ++YYCURSOR;
        goto yy37;
 yy37:
-#line 461 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 461 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        int elements = parse_iv(start + 2);
 
@@ -662,7 +670,7 @@ yy37:
 
        return finish_nested_data(UNSERIALIZE_PASSTHRU);
 }
-#line 333 "<stdout>"
+#line 341 "<stdout>"
 yy38:  yych = *++YYCURSOR;
        if(yych == '+') goto yy39;
        if(yych <= '/') goto yy2;
@@ -686,7 +694,7 @@ yy42:       yych = *++YYCURSOR;
 yy43:  ++YYCURSOR;
        goto yy44;
 yy44:
-#line 433 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 433 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        size_t len, maxlen;
        char *str;
@@ -714,7 +722,7 @@ yy44:
        ZVAL_STRINGL(*rval, str, len, 1);
        return 1;
 }
-#line 386 "<stdout>"
+#line 394 "<stdout>"
 yy45:  yych = *++YYCURSOR;
        if(yych <= '/'){
                if(yych <= ','){
@@ -803,14 +811,14 @@ yy54:     if(yych <= ';'){
 yy55:  ++YYCURSOR;
        goto yy56;
 yy56:
-#line 426 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 426 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        *p = YYCURSOR;
        INIT_PZVAL(*rval);
        ZVAL_DOUBLE(*rval, zend_strtod(start + 2, NULL));
        return 1;
 }
-#line 484 "<stdout>"
+#line 492 "<stdout>"
 yy57:  yych = *++YYCURSOR;
        if(yych <= ','){
                if(yych != '+') goto yy2;
@@ -870,7 +878,7 @@ yy65:       yych = *++YYCURSOR;
 yy66:  ++YYCURSOR;
        goto yy67;
 yy67:
-#line 411 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 411 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        *p = YYCURSOR;
        INIT_PZVAL(*rval);
@@ -885,7 +893,7 @@ yy67:
 
        return 1;
 }
-#line 561 "<stdout>"
+#line 569 "<stdout>"
 yy68:  yych = *++YYCURSOR;
        if(yych == 'N') goto yy65;
        goto yy2;
@@ -914,14 +922,14 @@ yy72:     if(yych <= '/') goto yy2;
 yy73:  ++YYCURSOR;
        goto yy74;
 yy74:
-#line 404 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 404 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        *p = YYCURSOR;
        INIT_PZVAL(*rval);
        ZVAL_LONG(*rval, parse_iv(start + 2));
        return 1;
 }
-#line 598 "<stdout>"
+#line 606 "<stdout>"
 yy75:  yych = *++YYCURSOR;
        if(yych <= '/') goto yy2;
        if(yych >= '2') goto yy2;
@@ -932,25 +940,25 @@ yy76:     yych = *++YYCURSOR;
 yy77:  ++YYCURSOR;
        goto yy78;
 yy78:
-#line 397 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 397 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        *p = YYCURSOR;
        INIT_PZVAL(*rval);
        ZVAL_BOOL(*rval, parse_iv(start + 2));
        return 1;
 }
-#line 616 "<stdout>"
+#line 624 "<stdout>"
 yy79:  ++YYCURSOR;
        goto yy80;
 yy80:
-#line 390 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 390 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        *p = YYCURSOR;
        INIT_PZVAL(*rval);
        ZVAL_NULL(*rval);
        return 1;
 }
-#line 627 "<stdout>"
+#line 635 "<stdout>"
 yy81:  yych = *++YYCURSOR;
        if(yych <= ','){
                if(yych != '+') goto yy2;
@@ -976,7 +984,7 @@ yy84:       if(yych <= '/') goto yy2;
 yy85:  ++YYCURSOR;
        goto yy86;
 yy86:
-#line 367 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 367 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        int id;
 
@@ -999,7 +1007,7 @@ yy86:
        
        return 1;
 }
-#line 677 "<stdout>"
+#line 685 "<stdout>"
 yy87:  yych = *++YYCURSOR;
        if(yych <= ','){
                if(yych != '+') goto yy2;
@@ -1025,7 +1033,7 @@ yy90:     if(yych <= '/') goto yy2;
 yy91:  ++YYCURSOR;
        goto yy92;
 yy92:
-#line 346 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 346 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 {
        int id;
 
@@ -1046,9 +1054,9 @@ yy92:
        
        return 1;
 }
-#line 725 "<stdout>"
+#line 733 "<stdout>"
 }
-#line 576 "/home/rei/php_dev/php4/ext/standard/var_unserializer.re"
+#line 584 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
 
 
        return 0;

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 4b3e36dbf3e72e97f8ea9ad01a2bfa99b6a356cf..cf53a3a18967c604f4192c2b7a7b674c61a87c4e 100644 (file)
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -485,7 +485,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
 }
 
 "O:" uiv ":" ["]       {
-       size_t len, len2, maxlen;
+       size_t len, len2, len3, maxlen;
        int elements;
        char *class_name;
        zend_class_entry *ce;
@@ -520,6 +520,14 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
        class_name = str_tolower_copy((char *)emalloc(len+1), class_name, len);
        class_name[len] = '\0';
        
+       len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyz");
+       if (len3 != len)
+       {
+               *p = YYCURSOR + len3 - len;
+               efree(class_name);
+               return 0;
+       }
+
        if (zend_hash_find(CG(class_table), class_name, len + 1, (void **) &ce) != SUCCESS) {
                if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) {
                        incomplete_class = 1;